A UK view on Cyber, Information & IT Security by Security Expert Dave Whitelegg. Providing advice and explaining security for everyone, and also contemplating advanced themes and future trends in security.
With a focus on all the latest developments & issues within the UK Information Security space such as Hacking, DDoS, Botnets, Malware, Identity Theft, Data Protection (DPA) and regulatory compliance like PCI DSS & ISO27001:2013, all will be explained in an easy to understand way.

Thursday, 15 December 2016

Yahoo's Mind-blowing One Billion Data Theft Hack

Just over three months ago I posted about Yahoo, The Largest Data Breach in History...so far. It was apt I added "so far" in the post title as in the early hours today, Yahoo announced an even more mind-blowing data theft hack of over One Billion Yahoo user accounts.

If you are a concerned Yahoo email account holder

1. Reset your Yahoo account password, make sure your old Yahoo passwords are not used on any other of your online accounts

2. Change your Security Questions and Answers on all accounts with same Q&A as Yahoo, you might have to make up false answers only you know to ensure safety

3. Be extra vigilant, especially with signs of any access to your email account, and receiving scam phishing emails

Mark Crowther, Associate Director at Cyber Security Specialists Cyberis (www.cyberis.co.uk), has some interesting thoughts on the latest breach at Yahoo, raising serious questions about the company's historical and ongoing security programme. The following are his views.

The latest reports say that Yahoo lost data for more than one billion users back in August 2013 and that the data is suspected to contain names, email addresses, hashed passwords, security questions and associated answers. In addition, Yahoo has stated that the attackers have accessed Yahoo proprietary code used to generate cookies for user access without credentials.

This breach raises a number of questions, including: Why did it take so long to identify and notify authorities about it? What are the implications for Yahoo users? What might this mean for Yahoo going forward?

Although Yahoo claims that this notification is distinct from the 2014 breach (reported in September 2016), it raises questions as to why this more significant breach was not identified during earlier investigations. Forensic investigations may have been either too focussed on the 2014 breach, or incomplete, preventing identification of this earlier and more significant breach. To add balance to this argument, it should be stated that it is not clear at this time if the breached systems were related, however following the 2014 breach, Yahoo should certainly have considered further investigations to identify if any wider breaches had occurred.

So what are the implications for Yahoo users? Considering that this breach constitutes approximately one-third of Yahoo’s user base, it would be a fair assumption for all Yahoo users that their accounts have been compromised. The data set reported to be compromised includes both username and passwords, and whilst the passwords are reportedly hashed, the weak algorithm in use leaves them wide open to abuse (see our earlier blog post on password hashing - https://www.cyberis.co.uk/2012/06/adding-pinch-of-salt.html)

Cyberis advises Yahoo users, and users of related services such as Flickr and Tumblr, to change their passwords with immediate effect. If you have used your Yahoo password with any other service, you should also change these passwords. If you have registered for a website using a Yahoo email account, you should also consider resetting your password for these services, especially if you haven't used them for some time. Password reset services often use email addresses to manage a password change or forgotten password function. Anyone with access to the breached data could have potentially used this information to access any site associated with your Yahoo email account.

Given that Yahoo has announced that proprietary data was accessed, the breach is currently assumed to extend to Yahoo internal systems. This could suggest a highly skilled and motivated adversary, potentially even a state-sponsored hacking group. Access to millions of email accounts would be a clear motivation to many different threat actors of course, including foreign intelligence services and governments. We fully expect that further information about the extent of the breach will be released in the near future, but in the meantime, it’s certainly not looking good for Yahoo.

Support Bloggers Rights

About Me

ShareThis

Disclaimer

This is a personal website, all views or opinions represented in this blog are personal to Dave Whitelegg and guest bloggers that post, and do not represent the views or opinions of any business or organisation. All content provided on this blog is for informational purposes only. The owner of this blog makes no representations as to the accuracy or completeness of any information on this site or found by following any link on this site. The owner will not be liable for any errors or omissions in this information nor for the availability of this information.

All original content copyright David Whitelegg 2007-2016. You may not use any original content with. Awesome Inc. theme. Powered by Blogger.